Map distance+position fix for mapbox/leaflet

build.js

@@ -176,11 +176,11 @@ function copystatic () {
     fs.mkdir(path.join(__dirname, 'build', 'static'), function () {
       ncp(path.join(__dirname, 'static'), path.join(__dirname, 'build', 'static'), function (err) {
         if (err) { return console.error(err) }
+        fs.writeFileSync(path.join(__dirname, 'build', 'static', 'event-geo.json'), JSON.stringify(eventGeo()))
         console.timeEnd('[metalsmith] build/static finished')
       })
     })
   })
-  fs.writeFileSync(path.join(__dirname, 'build', 'static', 'event-geo.json'), JSON.stringify(eventGeo()))
 }
 
 function fullbuild () {

layouts/events.hbs

@@ -41,7 +41,6 @@
               </div>
 
               <div class="main-content">{{{contents}}}</div>
-
                 {{#each regions}}
                 <div class="region">
                   <h1>{{region}}</h1>
@@ -102,6 +101,7 @@
     <script src='https://api.mapbox.com/mapbox.js/v2.2.3/mapbox.js'></script>
     <link href='https://api.mapbox.com/mapbox.js/v2.2.3/mapbox.css' rel='stylesheet' />
     <script>
+    (function() {
       function haversine() {
         var radians = Array.prototype.map.call(arguments, function(deg) { return deg/180.0 * Math.PI; });
         var lat1 = radians[0], lon1 = radians[1], lat2 = radians[2], lon2 = radians[3];
@@ -149,26 +149,19 @@
               ;
 
             var points = featureLayer.getGeoJSON().features.map(function (feature) {
-                var _lat = feature.geometry.coordinates[1]
-                  , _lon = feature.geometry.coordinates[0]
-                  ;
-                return [feature.geometry.coordinates[0], feature.geometry.coordinates[1], haversine(lat, lon, _lat, _lon)]
-              })
-              .sort(function (a, b) {
-                return a[2] > b[2]
-              })
-
-            function _bounds () {
-              for (var i=0;i<points.length;i++) {
-                var hav = points[i][2]
-                if (i > 10 && hav > .1) {
-                  return [points[i][1], points[i][0]]
-                }
-              }
-            }
-
-            map.fitBounds([[lat, lon], _bounds()])
-            map.setView([lat, lon], map.getZoom()-1)
+              var _lat = feature.geometry.coordinates[1]
+                , _lon = feature.geometry.coordinates[0]
+                , dist = haversine(lat, lon, _lat, _lon)
+                ;
+              return {lon: _lon, lat: _lat, dist: dist}
+            })
+            .sort(function (a, b) {
+              return a.dist > b.dist ? 1 : 
+                     a.dist < b.dist ? -1 : 0;
+            })
+            var nearest = Array.isArray(points) && (points.length > 10 ? points.slice(0, 9) : points.slice(0, points.length-1));
+            nearest.push({lat: lat, lon: lon});
+            map.fitBounds(nearest)
           })
         }
       })
@@ -203,6 +196,7 @@
         regionSubHeading.classList.toggle('is-displayed')
         regionEventsList.classList.toggle('is-displayed')
       }
+    })();
     </script>
 </body>
 </html>

locale/en/about/advisory-board/index.md

@@ -217,4 +217,4 @@ Please help us improve this draft by sending your comments and feedback to
 [governance@nodejs.org](mailto:governance@nodejs.org).
 
 The source for this document can be found [in this
-repository](https://github.com/joyent/node-website/tree/master/doc/about/advisory-board).
+repository](https://github.com/nodejs/nodejs.org/blob/master/locale/en/about/advisory-board/index.md).

locale/en/about/index.md

@@ -11,14 +11,17 @@ connections can be handled concurrently. Upon each connection the callback is
 fired, but if there is no work to be done Node is sleeping.
 
 ```javascript
-var http = require('http');
+const http = require('http');
 
-http.createServer(function (req, res) {
-  res.writeHead(200, {'Content-Type': 'text/plain'});
-  res.end('Hello World\n');
-}).listen(1337, '127.0.0.1');
+const hostname = '127.0.0.1';
+const port = 1337;
 
-console.log('Server running at http://127.0.0.1:1337/');
+http.createServer((req, res) => {
+  res.writeHead(200, { 'Content-Type': 'text/plain' });
+  res.end('Hello World\n');
+}).listen(port, hostname, () => {
+  console.log(`Server running at http://${hostname}:${port}/`);
+});
 ```
 
 This is in contrast to today's more common concurrency model where OS threads

locale/en/blog/vulnerability/cve-2015-8027_cve-2015-6764.md

@@ -0,0 +1,87 @@
+---
+date: 2015-11-25T22:06:05.316Z
+category: vulnerability
+title: CVE-2015-8027 Denial of Service Vulnerability / CVE-2015-6764 V8 Out-of-bounds Access Vulnerability
+slug: cve-2015-8027_cve-2015-6764
+layout: blog-post.hbs
+author: Rod Vagg
+---
+
+This announcement is for:
+
+* CVE-2015-8027: a high-impact denial of service vulnerability
+* CVE-2015-6764: a low-impact V8 out-of-bounds access vulnerability
+
+## CVE-2015-8027 Denial of Service Vulnerability
+
+### Description and CVSS Score
+
+A bug exists in Node.js, all versions of v0.12.x through to v5.x inclusive, whereby an external attacker can cause a denial of service. The severity of this issue is high (see CVSS scoring below) and users of the affected versions should plan to upgrade when a fix is made available.
+
+* Versions 0.10.x of Node.js are ***not affected***.
+* Versions 0.12.x of Node.js are ***vulnerable***.
+* Versions 4.x, including LTS Argon, of Node.js are ***vulnerable***.
+* Versions 5.x of Node.js are ***vulnerable***.
+
+Full details of this vulnerability are embargoed until new releases are available on **Wednesday the 2nd of December 2015, UTC** _(Tuesday the 1st of December US time)_.
+
+Common Vulnerability Scoring System (CVSS) v3 Base Score:
+
+| Metric                      | Score                      |
+|-----------------------------|----------------------------|
+| **Base Score:**             | **7.5 (High)**             |
+| **Base Vector:**            | [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
+| **Attack Vector:**          | Network (AV:N)             |
+| **Attack Complexity:**      | Low (AC:L)                 |
+| **Privileges Required:**    | None (PR:N)                |
+| **User Interaction:**       | None (UI:N)                |
+| **Scope of Impact:**        | Unchanged (S:U)            |
+| **Confidentiality Impact:** | None (C:N)                 |
+| **Integrity Impact:**       | None (I:N)                 |
+| **Availability Impact:**    | High (A:H)                 |
+
+Complete CVSS v3 Vector: [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:R/CR:L/IR:L/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:R/CR:L/IR:L/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:H). Refer to the [CVSS v3 Specification](https://www.first.org/cvss/specification-document) for details on the meanings and application of the vector components.
+
+CVE-2015-8027 is listed on the [MITRE CVE dictionary](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8027) and [NIST NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8027).
+
+## CVE-2015-6764 V8 Out-of-bounds Access Vulnerability
+
+### Description and CVSS Score
+
+An additional bug exists in Node.js, all versions of v4.x and v5.x, whereby an attacker may be able to trigger an out-of-bounds access and/or denial of service if user-supplied JavaScript can be executed by an application. The severity of this issue is considered medium for Node.js users (see CVSS scoring below), but only under circumstances where an attacker may cause user-supplied JavaScript to be executed within a Node.js application. Fixes will be shipped for the v4.x and v5.x release lines along with fixes for CVE-2015-8027.
+
+* Versions 0.10.x of Node.js are ***not affected***.
+* Versions 0.12.x of Node.js are ***not affected***.
+* Versions 4.x, including LTS Argon, of Node.js are ***vulnerable***.
+* Versions 5.x of Node.js are ***vulnerable***.
+
+Full details of this vulnerability are embargoed until new releases are available on **Wednesday the 2nd of December 2015, UTC** _(Tuesday the 1st of December US time)_.
+
+Common Vulnerability Scoring System (CVSS) v3 Base Score:
+
+| Metric                      | Score                      |
+|-----------------------------|----------------------------|
+| **Base Score:**             | **4.4 (Medium)**           |
+| **Base Vector:**            | [CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
+| **Attack Vector:**          | Network (AV:N)             |
+| **Attack Complexity:**      | Medium (AC:H)              |
+| **Privileges Required:**    | High (PR:H)                |
+| **User Interaction:**       | None (UI:N)                |
+| **Scope of Impact:**        | Unchanged (S:U)            |
+| **Confidentiality Impact:** | None (C:N)                 |
+| **Integrity Impact:**       | None (I:N)                 |
+| **Availability Impact:**    | High (A:H)                 |
+
+Complete CVSS v3 Vector: [CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:R/CR:L/IR:L/AR:M/MAV:N/MAC:H/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:H](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:R/CR:L/IR:L/AR:M/MAV:N/MAC:H/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:H). Refer to the [CVSS v3 Specification](https://www.first.org/cvss/specification-document) for details on the meanings and application of the vector components.
+
+CVE-2015-6764 is listed on the [MITRE CVE dictionary](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764) and [NIST NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6764).
+
+## Action and updates
+
+New releases of v0.12.x, v4.x and v5.x on **Wednesday the 2nd of December 2015, UTC** will be made available with appropriate fixes for CVE-2015-8027 and CVE-2015-6764 (for v4.x and v5.x only) along with disclosure of the details of the bug to allow for complete impact assessment by users.
+
+## Contact and future updates
+
+Please contact security@nodejs.org if you wish to report a vulnerability in Node.js.
+
+Please subscribe to the low-volume announcement-only **nodejs-sec** mailing list at https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date with security vulnerabilities in Node.js and the projects maintained in the **nodejs** [GitHub organisation](http://github.com/nodejs/).